Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
Anonymous
Not applicable

Integrate SSO/SAML or OIDC authentication in PowerBI on premise (ReportServer)?

‎07-03-2023 07:06 AM

 

Dear Community,

we are currently using an on-premises ReportServer, with PowerBI, and are exploring options to authenticate our users through a Single Sign-On (SSO) IdentityProvider. In our case, we are utilizing Okta, and we would like to use either SAML or OAuth (OIDC) as the authentication type.

We are seeking advice on how to achieve this. Would we need to create our own SecurityExtension, similar to the Custom Security Sample provided on this link: https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample?

Is there anyone who has implemented this using OIDC or SAML? Are there alternative methods we could consider? Any guidance would be greatly appreciated.

Thank you!

Message 1 of 4
2,732 Views
3 REPLIES 3
rohit1991
Super User
Super User

‎02-02-2025 06:49 AM

Hi @Anonymous ,
Integrating SSO (SAML/OIDC) with Power BI Report Server (On-Premises)

Power BI Report Server does not natively support SAML or OIDC authentication, but you can integrate SSO using Custom Security Extensions.

Approach 1: Custom Security Extension (Recommended)

  • Power BI Report Server supports Forms Authentication via Custom Security Extensions.
  • Microsoft provides a Custom Security Sample:
    GitHub: Reporting Services Custom Security
  • Modify this extension to authenticate with Okta via SAML or OIDC.

Steps:

  1. Download & Modify Custom Security Sample

    • Implement authentication logic for SAML or OIDC (OAuth 2.0) with Okta.
    • Use Okta SDK or API to verify tokens.

  2. Deploy the Security Extension

    • Register it in RSReportServer.config and RSSrvPolicy.config.

  3. Enable Form Authentication

    • Modify authentication settings in the configuration files.

 

Approach 2: Reverse Proxy with SSO

If modifying the Report Server is not an option, use a reverse proxy with SSO support, such as:

  • Azure AD App Proxy (if using Azure AD)
  • NGINX or Apache configured with OIDC authentication
  • Okta Access Gateway

These proxies authenticate users before they access Report Server.


Alternative: Windows Integrated Authentication

If your Okta setup supports Active Directory Federation (ADFS), you can:

  • Sync users with AD
  • Use Kerberos / NTLM for seamless login

However, this requires Hybrid AD or AD Connect.

 

"The goal is to turn data into information, and information into insight." – Carly Fiorina

Need Power BI help? Connect on LinkedIn.

Message 4 of 4
1,128 Views
0
David_U
New Member

‎01-31-2025 11:56 AM

 Has another found a solution to this? I'm looking for the same solution.

Message 3 of 4
1,163 Views
0
ballebone
New Member

‎07-19-2023 02:10 PM

I have a huge need for an OIDC Auth Module for SSRS/PowerBi Reports Custom Module. The Sample is not super accessible for a person of my experience level. Anyone have a better example or lead to success?

Message 2 of 4
2,661 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All